Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-0-dbgsym libglib2.0-bin libglib2.0-bin-dbgsym libglib2.0-dev libglib2.0-dev-bin libglib2.0-dev-bin-dbgsym libglib2.0-tests libglib2.0-tests-dbgsym libglib2.0-udeb
Architecture: ppc64el
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02)
Changed-By: Simon McVittie
Description:
 libglib2.0-0 - GLib library of C routines
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-dev-bin - Development utilities for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely
     large text strings of an attacker-controlled length.
     The required string length would be close to 2 GiB on 32-bit and
     the bug is not believed to be practically feasible to exploit on 64-bit.
     (CVE-2025-4373) (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions,
     and could cause a crash or possibly arbitrary file overwrites
     (believed to be unlikely to be exploitable in practice) if a
     long-running program creates more than 2 billion temporary files.
     (CVE-2025-7039) (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version in
     unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache
       is missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists, for example
         provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie